Posted by Hemos on Tuesday September 26, 2000 @05:16PM
from the better-do-a-good-job dept.

sconeu writes: "Fox News is reporting that the Illinois Institute of Technology will review Carnivore. Fox further reports that 'The Justice Department said in a written statement that it received 11 proposals from various organizations, including the University of California--Davis, and the National Software Testing Laboratory.'" Representatives from a law school (Chicago-Kent College of Law, not Kent State as previously stated; thanks to corprew for the correction -- tl) will be looking at it as well, and it's slated to start in December.

Yes, I was just informed that I will actually get a chance to look at it. I am not affiliated in any way with the school. I do not go to the school, I do not work for the school. A relative of mine is a professor there and he would like me to aid him in reviewing it. If you believe me or not, I would like a list of things that I might look for. Things that at first glance might not seem much, but still should be taken a closer look at. If I have a checklist of things to review, for the slashdot community, it will probably lessen any sort of bias the school has.

Being familiar with IIT, I think there are a couple of points that should be clarified...

1) IITRI is _not_ IIT...they are completely separate institutions that occasionally cooperate in research ventures. IIT staff and students are not even allowed entrance into the IITRI building without an IITRI staff member escorting them. Considering that the Computer Science facilities at IIT are as feeble as they are, it makes sense that they would choose IITRI rather than the university proper...

2) They are also correct in saying that IIT and IITRI are not in the top tier of the available institutions...anyone who has ever been affiliated with either place would know how true this is...in any case, I wouldn't be hopeful of an informative report...

The most telling part of the article is this quote from Kerry Rowe, the senior vp at IITRI who will be overseeing the project, when asked about the clause in the Justice Department's Request For Proposals requiring that the feds be able to edit the report before publication-

I don't anticipate major edits...We're gonna be working very closely together [with Justice] throughout the evaluation and I think it's going to be a fair [report].

Of course they don't expect any major edits. No one is going to willingly sign up to be a meaningless rubberstamp for bad law enforcement. But the edits will come anyway--especially if they discover that the system is exploitable.

They've (meaning the staff of IITRI) convinced themselves that Justice is serious when they say a "fair and open" review is what is wanted. They've justified and rationalized to themselves that this isn't a political issue--that it's a technical one. It's an understandable mistake to make, we all want to believe that everyone else is acting in good faith.

But I think they'll probably regret this later, when they discover that federal agents are political beasts and they aren't always acting in good faith.

while i realize this is a little late to comment on, and a lot of people may not read it, i feel that it is important to point out that IIT (the university of science, engineering, and architecture) and iitri (the mostly government research facility) are really not related by anything more than their name. the iitri facilities are no longer even considered part of the iit campus, since four years ago when the industrial design department moved out of the main iitri building to a new location downtown.

once upon a time, iitri was a big source of money for the school. There used to be a whole load of iit researchers and staff turning out patents (real patents for real physical inventions) left and right. Supposedly back at its height, there was an entire office of secretaries and bookkeepers to keep track of the patent royalties from just one guy (marvin camras, the inventor of magnetic recording)

now the building is pretty much off limits to students. armed guards patrol most of the floors. it's almost entirely government funded. all of the campus researchers do their research elsewhere. the cs and ece (electrical and computer engineering) people have all their own equipment. the mechanical and aerospace department, as somebody previously mentioned, have their own very advanced facilities, and all of our big name physics professors do their research out at fermi lab.

the law school may be doing a legal review of carnivore (also loosely related. it's on a separate campus downtown) but any involvement by the iit research institute is purely governmental.

as you can probably tell by my email address, i am an iit student. but what im stating here is not really an opinion, so it's not really biased. and while i will readily say my school has some problems (as probably any institution of higher learning does) this issue is really not even related to my school.

First of all, I attend IIT, so I can clear some stuff up about what is going on.

IITRI is affiliated and also owned by the school. Anyone who has ever been to Comiskey Park in Chicago has seen a big tall ominous building at 35th and state. That's the main IITRI thing. Last year when the government was testing the foam for bioweapons at airports, they tested it on live anthrax there. It should be noted that with 8 blocks to a mile in Chicago, that puts IIT around 4 miles from downtown chicago. One of IITRI's biggest clients is the US government. There are dozens of IITRI labs around the country.

I've had extensive dealings with the Chicago-Kent College of Law. Some of their faculty are very good about legal issues. Others assume because they wrote a paper about cyberspace a couple of years ago they know everything about it. Then again, it might just be a personal issue with me and the dean.

This is unusual for our institution. The most prominent IIT research that I know of relating to computers is Garbage Collection [slashdot.org] and is being done by Morris Chang. There is also some AI research being done. But not a whole lot else.

The law school (chicago-kent) is pretty distant from the main campus, and they don't do much with actual computer stuff there. So it's going to be a legalistic investigation, which is probably what this means.

To be honest, I'm kinda excited about this, but I wouldn't trust my own school to do it.

The group that is going to do the review is located in Lanham, MD right down the road from, gasp, NSA. That's a cheap shot as I could have also said that they are right down the road from NASA.

The pertinent web page is probably this one. [iitri.com] I looked at their list of customers, and oh my gawd, they do work for the Los Angeles County Metro Authority! They also do work for the DISA, DTIC, DARPA, NIH, and, oh no, the IRS.

These guys look like some of the other not for profit groups out there.

I went to IIT for a year before I escaped. It's an odd little school...kind of like a campus attached to a giant defense research project. Lessee...fun facts/rumors/etc (you pick 'em!) about IIT:
- The IITRI research building on the main campus (well, the main one, the one that's above ground) is also the tallest building on campus. And...it's entirely bulletproof. Why is this, you ask? Because the entire campus (being located a few miles directly south of The Loop) is smack dab in the middle of some of the most interesting slums/ghettos in the midwest - and the denizens of the housing project towers (yes, towers - they're big-ass buildings) kept taking shots at the researchers through the windows. *giggle*
- There is at least one entire building underground. You normally can't see this (the roof is just ground with grass on it) but in the winter, the snow likes to melt on top of it - and only there.
- The entire campus is connected by fun underground tunnels, from the dorms to the tower. Most of the fun ones have been closed off...and for some reason, it's really hard to get a blueprint of 'em (I tried).
- An unusually large portion of the student body consists of Army, Navy, Chair Force and Marine ROTC scholarship holders (how I got there) - when I was there, there were about 500 ROTC students, which was about 35% of the student body population
- The undergrad physics department is both unusually small and has an unusually large amount of toys for such a small department. Then again, being as closely associated with the collider up there as they are, not too surprising.
- The southern limb of the L goes literally DOWN THE MIDDLE of the campus. About 800 feet from the dorms. If you've ever seen the L (or el, if you wish), or more specifically, *heard* the L, you'd laugh your ass off just as I did the first time "experiencing" a passthrough while outdoors. Thank god my room was on the other side of the dorm complex.
- IIT has one of the most advanced high-speed wind tunnels on the face of the planet.
- Cafe Edelstein. If you've taken undergrad physics, you'll know what I'm talking about. If you're still going to class after the first 3 classes, that is. Hmm, wonder if he's still there/alive.
- It's got some of the weirdest buildings you'll ever see. That's because it used to be (well, still is in some circles) a really high-end architectural school, and Mies Van der Roah (sp?) designed most of the (older) buildings on campus. Think "giant boxes made of slate and glass" and you're really close.
- 'Cuz of the L, you're a short walk away from downtown - which is really cool, because Chicago is a great city (in the summer) to hang out in downtown.
- Chicago was the first time I'd seen bridges with potholes on 'em. Like....damn.
- Nearly half the main campus (engineering and suchlike, for the most part) is foreign nationals - mostly Chinese, Indian and Pakistani. You should see some of the fights between the Indians and Pakistani folk...damn...
- Not a single solitary math professor speaks intelligible English. Oh, wait, that's everywhere, nevermind...:D

So, all things considered...I find this highly amusing. IITRI "examining" this thing is like asking the whore if she likes her pimp while the pimp is standing there listening.

"All non-relevant data is purged. Opponents of the system fear Carnivore does not discard private or irrelevant information, leading to potential abuses."

That is such bullshit.

Opponents of Carnivore (A) feel the ENTIRE SYSTEM is unconstitutional and (B) oppose the entirely SECRET NATURE of the system.

The FBI's attempt to isolate the point of controversy to a single point in the system is an obvious attempt to reframe the argument.

People are opposed to the entire thing, not just a part of it. People think abuse can happen at any point in carnivore's operation, not only after filtering is done. (The filtering criteria can be corrupt for example.)

Among other things they run the Joint (as in armed services) Spectrum Center in Annapolis, Maryland, are heavily involved at the Navy's David Taylor Research Lab, also in Annapolis, and the IRS Tax Modernization Institute in Lanham, Maryland. Funny how an Illinois college has so many facilities in Maryland... so close to Washington DC.

Can we say "unbiased?" No? OK, try "biased."

The IRS center is a joke. You can read about their blunders on your own. As far as the JSC goes, I once worked there. The software development done there is a monument to hacked, undesigned code.

Any findings they come up with... well, I already question the technical veracity of such.

This is just another taste of what we are going to be seeing from our beloved **cough** justice department. I am seriously wondering how much longer we will have any rights, since we already know that we cannot trust our own government. The most amazing part is the total ignorance on the part of almost all americans. And no one is willing to stand up and revolt. I hate to think about where we're going, because it scares me.
Does it scare you?

after all the most capable and reputable academic institutions refused to submit to DoJ conditions for a so-called "unbiased, independent" review.

So, of course, now a couple of third-rate schools beholden to DARPA grants or hoping for publicity step up to "review" (read rubber-stamp) the FBI's Carnivore system. Their credibility in doing so will be below merely suspect, given that DoJ restrictions to control and edit their findings effectively foreclose any critical questioning. And, they have the technical and legal reviews at two different institutions. How very amusing....

Not that anyone should be surprised, after Janet Reno and Louis Freeh defended their persecution, harassment, and long unjust incarceration of Wen Ho Lee, whom they targeted unfairly and so badly abused _for a year_ before finally releasing him.

Thomas Jefferson believed in revolutions every 20 years or so. It's been 200+ years since then....

Given that any basic encryption would yield the system useless, what do they hope to gain through this and what is stopping them from opening the source code?

Are they afraid of bugs being exploited, embarrassed of sloppy code or just too tied up in the 'you don't need to know' mentality?

Linux has a great, easy to use, fast network filtering feature called netlink. You could filter out only mail traffic and then use a userspace program to do the same thing that carnivore is supposed to do with little more than a perl script!

Oh, he was trolling. But you forgot that Roberge left this semester, probably for good (his company is about to enter the market). I had him last year, and I always wondered why he skipped it. He was good and I hear the woman who replaced him isn't too wonderful.

One of the major reasons why IIT isn't known is because a few years back money was tight, and professors left (forced or not), somewhat due to failing to give tenure. Motorola and Hyatt stepped in and it's getting back in shape, but I had a professor at another university warn me about that. Had great things to say otherwise.

The CS cur. is a bit light, especially first year. But almost every other college is the same, as if you look at CMU's it's quite close. The major difference is that CS105/106 is first semester (200). I actually liked ours a little better, as CMU's seemed to be too strict (ie, humanities/philosophies were pre-picked). Course, that's what I remember, and easily could be a bit wrong.

A friend at UCSC seems to have had a worse time than here. The classes sounded as if they taught less and he failed two (quarter, tho, so throws me off a bit). IIT is nothing like the crap people have been saying on here, as you'd agree. The EE/CPE isn't light, and every night these last two weeks I've been working for 6+ hours studying. The work's hard, taught well, and done well.

This guy got it right and most people talking on here just give wild speculations. Slashdot gets reaction, not logical thought.

I hear a lot of people talking about how IIT sucks, IIT is not a good university. Now, maybe I'm biased...but can anyone here provide any actual proof of this? I would love for someone to point it out so I can be well informed just like everyone else is.

Very valid points. I was mistaken, and I accept that. I didn't mean to come off as hard as I did. I have had limited experience with IIT, and that was only at their Rice campus. Thank you for the information, and hopefully things will improve there for you.

After reading the Fox news article a little more closely, it's not Kent State (as stated in the original post) but Chicago-Kent Law School. I'm just so used to seeing Kent this, Kent that around here the brain just fills in the blanks.... Anyway, ignore the Kent State portion of my post, but the first part stands. Why THIS institution (other than the fact others turned it down) and what qualifications does it have to evaluate it.

Not to knock these institutions, but are these quality institutions that we can trust to present a detailed and thorough overview of this software? I don't know anything about Illinois Tech. Also, I live right by Kent State (Main) and I didn't even know that it HAD a law department. Like I said, not to badmouth these institutions but I'd like more information on their credentials and why they were chosen to review the software.

As the former Mgr. of Web Resources of the CLC (Center for Law and Computers) there, I'm dismayed about this. I don't know much about IITRI, but I do know that CK has only 2 (maybe 3) Law Profs. who are semi computer literate. The rest, well at best they know little to none. At worst they think that the latest article they read makes them an Uber Computer Genius.

I can think of a few names, who if involved with this, are totally in it for name recognition and for future job opportunities.

How much credibility is this review really going to have? Especially after being turned down by multiple universities [cnn.com], such as MIT, UCSD and UM. The only solution is a justice department independent review, as these universities have suggested. Now by choosing such a no name institution (no offense to IIT), but it is only going to get charged with conspiracy no matter how they respond to the review. I'm glad I'm not in their spot.

CS445, CS488, CS521 are not currently offered. I took CS487, we did not mention UML once. We use an archaic text by Robert Pressman and we spend our time drawing DFD's.

Find me a class that actively teaches you PERL or VHDL in the curriculum right now - you can't. As far as MIPS assembly, you are taught a small subset of it that is not useful in practical situations.

I have plenty of books, and I have done a lot to advance my body of knowledge. Contrary to what you may think, I understand a great deal about the inner workings of the department. Whether or not you choose to believe me is your concern -- it does not matter to me.

If I am the "dumbest bastard alive", then I am forced to wonder what you are by posting such blatant flamebait. Go write some real code, work on a project or two in the real world. Get some experience, then you will know what you are talking about.

From the article: "Jeffrey Schiller, a security expert and network manager at the Massachusetts Institute of Technology, said the fine print in the DOJ's request for review would place numerous unacceptable restraints on the process, including giving the department the right to read, edit and even junk the report before the public saw it.

In other words, any negative feedback from scientists could be cut out -- while the DOJ would still be able to claim that those scientists, and the universities associated with them, reviewed the software."

So this isn't going to be any kind of review at all. With the knowledge of the DOJ's control over the "review" I don't see how any intelligent soul could believe the final report. If that ain't sad enough the university has to pay to review it!

The FBI claims that they need to keep the source closed to prevent criminals from figuring out how to evade Carnivore. But it seems to me that any criminal who is technically skilled enough to do this from reading the actual source code could also figure it out just from the descriptions the FBI has freely given to the press. I mean, either there are vast subtleties I'm missing about checking the TO and FROM fields of email messages, or the FBI has something they want to hide.

Suppose you were an idiot. And suppose that you were a member of Congress. But I repeat myself.

Even without the restrictions one has to wonder about a government funded entity evaluating the technology of another government entity. Based on this theory why not just have Microsoft Publishing send down a verdict to the Microsoft anti-trust case?

Justice Department spokeswoman Chris Watney denied that the chosen review board's final report would be altered before release.

Then why does their agreement with the review boards allow them to alter the final report?

The only part that may go unreleased, she said, is the software's source code, which would be the proprietary information of the company that developed it, and which could also help criminals evade Carnivore.

In the article it states that the FBI will be able to edit any findings that the university has. When they release it to the public, we will think that Carnivore is a perfectly fine system. I'm not sure that this "Review" of carnivore is really going to go like it should.
They need to have a system where the university can say anything they want about it, or people won't be able to see how bad it is... never mind, that's exactly what the government doesn't want.

I think I'm turning into one of those conspiracy theory people. I need to get out more.

I attend IIT, and almost all the people I know know what Carnivore is. I don't like the conditions that the Government is going to place on us on the report, but who knows what will help. I think some of the people in the upper levels of IIT management are just making claims in order to protect themselves if the government decides to edit our report and completely change it.

IIT isn't a spectacular university by reputation, but it's far from poor. We are one of 16 members of the Association of Independent Technological Universities which also include MIT, RPI, CalTech, and Carnegie Mellon. Freshmen are taught by professors with Ph.D's and some are Nobel prize winners. I don't like the fact that the government has so much control over this and I don't think it will help what little reputation we have.

...an obvious attempt at covering up what the Carnivore system really is.

Heh. The FBI [fbi.gov] clearly states on their web site that CARNIVORE is a "diagnostic tool".

How much longer is it going to take for all the self proclaimed hackers out there to realize that soon they will need an internet of their own?

*sigh* Who is John Galt?

It's interesting, I just had this conversation with someone the other day. They thought it was quite humourous that certain hacker types were so vehement about the misuse of the net and infringement of freedoms on the net.

"[they'll] just go build another one!"
I was told. Does anybody else recognize that as a line from Atlas Shrugged?

There are a lot of people right now busily tearing down internet freedoms and functionality who sleep soundly at night because they are certain that the 'hackers', the people who built the net and make it continue to function, cannot do otherwise; the powers that be are quite certain that if they fsck it all up, you will just go build another one, and when you do, they will take that one from you, too.

Chicago-Kent College of Law, affiliated with Illinois Institute of Technology, is probably very well qualified for this task, as this particular law school specializes in Science and Technology law, IP and other legal ramifications of technological development.

Ok, the US government has been bullying around the world saying that they are the defender of freedom and democracy.

How about a real democracy at home?

Since this Carnivore thing is going to have a long term effect on all Americans, and all other countries' population as well, isn't it fair to submit the question to the whole population for a referendum?

And let's see whether we want it or not. I don't like the idea that some FBI guys decide for me.

I GRADUATED from IIT. Amazingly few people do this and leave (a large number of those who do graduate seem to stay for some reason, or disappear into the military)

AFAIK, and in my opinion, it is a pretty top-rate institution, with a nearly top rate reputation. I think that degree is, and should be, as good as any other degree qualification for employment. This said I don't recommend going there unless you like pain and suffering, because in my experience they do a bad job of making a good quality of life university experience. I should stipulate that this was at least an order of magnitude less true when I left (May) as it was when I started there. So maybe it's better now... If they keep going at that rate the place would truly rock in another 6 or so years, but I think it gets harder to make that size of gain.

It is apparently at least as famous or moreso in the rest of the world, and does have a large foreign student population.

ROTC: the ROTC #s there have been in decline since 95. Army especially so. The AROTC students there tend to win a disproportionate number of awards in the Fire Battalion (IIT's AROTC program is a satellite of UIC's)

There are professors in every department who speak English natively. In the Math and CS classes I took, that only served to demonstrate that they were either incompetent or just terribly confusing and disorganized people (which I could actually tell WASN'T true of some of the people I couldn't understand) I have a BS in Mechanical Engineering, and that department actually had many professors who spoke English quite understandably AND knew what they were talking about. Still a couple of bastards, of course, but that's life.

I should point out that some of the militarization of IIT's campus in general is due to the extremely bad neighborhoods on 3 sides (the fourth is an expressway. Across the expressway is a neighborhood that isn't too bad, as long as you are white) IIT works very hard for safety there, and does a generally good job (although changing away from the IIT Police was a bad, bad move, imho.)

IITRI is the big tower at the south (most dangerous) side of campus. It is across from some Public Housing towers. Recently there was a multiday shootout between the public housing people (across from IITRI) and the police admin building (across the other street from the PH) involving at least one tripod mounted automatic weapon in the PH. At least one security guard in the IITRI lobby has been shot from the PH tower, and I've heard rumors that there was once a grenade used. (They've improved the glass since the sniper, I'm told)

This isn't the primary security reason. IITRI does some extremely sensitive work. I strongly doubt you'll see leaked source code. A friend of mine who had classes in IITRI (doesn't happen anymore, only in the Design school) reported getting off on the wrong floor and found himself facing M16 bearing military guards.

I've also heard that on the old USSR list of what to nuke, IITRI was the 3rd ranking civilian institution in terms of importance (this obviously excludes any military institution, including any of our nukes, Crystal Mountain, and any place the pres or a successor might be, since he's the military commander-in-chief) to destroy, because of the large body of military research done there.

IITRI is basically like having Lockheed review it, except they seem to be trying to use the fact that IIT is an educational institution to add credibility. I don't think the source will get out. I do think it'll probably be competently reviewed. I don't think we'll ever HEAR about any problems they find.

To be honest, how many schools are known for their educational programs? Most are known due to their sports programs. IIT does a lot of research, it is just in fields that most people here are not interested in.

Let's wait until the review is done before making charges of conspiracy.

Well, along with all the other matters to send off to my Rep and Senators, we can now add the 'independent' review of Carnivore. Anyone who isn't totally disturbed by Freeh and his department's lack of respect for the court order should make it plain and apparent to their congress grunts, as well as the key folks on the Senate and House Judiciary committees that the continued recalcitrance is unjustifiable.

This is at first glance an obvious attempt at covering up what the Carnivore system really is. Since public opinion holds universities in such high regard we as a general public are expected to trust their judgement. Why that is I do not know since after all they are still businesses that are attempting to succeed in the world. It also just so happens that universities are also government entities. Anyone see a conflict of interest?
How much longer is it going to take for all the self proclaimed hackers out there to realize that soon they will need an internet of their own?

well, i would like to see the contract IIT is under...
see if it's as good as some EULA contracts we have:
"upon looking at the source code for carnivore (C), you agree to say nothing that may impact carnivore's (C) image negatively. You also agree to sign this pre-written report in December...
you also agree to take this $175,000 for your "work" on this project"

The list of IIT labs [iitri.com] reads like a bioweaponry proving ground. Moreover, the list of available jobs [205.167.171.36] further sheds some light that maybe IIT has some defense department ties?

Understanding that MIT and University of California, San Diego "turned down the Justice Department's review request earlier this month, saying they were being asked to rubber stamp the Carnivore system," I am disturbed by a CNN article [cnn.com] in which the senior vice president at IITRI and manager of the advanced technology group, said "he was unaware of the concerns expressed by other academic institutions."

I don't buy IIT's statements suggesting that they don't know what Carnivore is. Unfortunately, I doubt most of the populace will care or understand the extent of abuse by Carnivore or an apparent conspiracy with selecting IIT as the reviewer.

MIT and UCSD have too much of a reputation to risk by rubber-stamping anything, much less a system that is getting as much bad press as Carnivore.

And, quite honestly, I doubt anyone heavily involved in the IT field has not heard of the Carnivore system at this point. The Sr. VP of IITRI's assertions that he is unaware of other institutions' opinions is pretty thin. This has gotten a lot of press in various ways. I've seen stuff on CNN, Headline news, and on MSNBC.com. To not be aware of the general opinions of Carnivore, you'd have to deliberately be unaware and ignorant on purpose.

Frankly, it doesn't surprise me that some of the institutions don't want to weigh in on Carnivore, but it bothers me when some profess ignorance on this scale.

Referendums allow the will of the majority or plurality to totally control the minority or minorities. For the most part, we do not live in a direct democracy. The United States is a republic--we elect others to lead us in the manner they best see fit. Personally, I think this system works fairly well.

As another poster suggested, the best way to effect change is to send letters to your representatives in Congress. If you are really passionate about the issue, follow up with a phone call.

<flamebait>I don't think postings on /. will really get law enforcement to change their behavior or people in Congress to change their votes.</flamebait>

"some defense department ties"
you are not going to convince me that anybody with a metallurgy lab in Huntsville does not have a DoD contract... and I can see a lot of my own private communication being considered "relevant"

I'm not going to trust any system whose code I can't see. They used the excuse that if the source were available people might be able to find holes in it, well wouldn't the same people be smart enough to use encryption to defeat it anyway? or did I miss the RSA cracking algorithm built into it.

"// this is the most hacked, evil, bastardized thing I've ever seen. kjb"

The Justice Department said the team will review Carnivore's design, function and method of use. The controversial program is an investigative tool, like a wiretap, that filters e-mail information down to content covered by a court order, as part of a specific investigation. The IITRI contract will cost an estimated $175,000

That's Just Incredible. Can someone explain why it cost this much for a few people to look at this computer? Add an E- to anything and it's worth a fortune. E-Hotdogs! $2000! It Just Amazes Me.